Automated Verification of Accountability in Security Protocols
This work addresses the need for automated verification to ensure trust and accountability in security protocols, which is incremental as it builds on existing accountability and causality literature.
The paper tackles the problem of verifying accountability in security protocols by providing a mechanized method that can identify all misbehaving parties, and demonstrates its use for verification and attack finding on examples like Certificate Transparency and Kroll Accountable Algorithms protocol with a high degree of automation.
Accountability is a recent paradigm in security protocol design which aims to eliminate traditional trust assumptions on parties and hold them accountable for their misbehavior. It is meant to establish trust in the first place and to recognize and react if this trust is violated. In this work, we discuss a protocol agnostic definition of accountability: a protocol provides accountability (w.r.t. some security property) if it can identify all misbehaving parties, where misbehavior is defined as a deviation from the protocol that causes a security violation. We provide a mechanized method for the verification of accountability and demonstrate its use for verification and attack finding on various examples from the accountability and causality literature, including Certificate Transparency and Kroll Accountable Algorithms protocol. We reach a high degree of automation by expressing accountability in terms of a set of trace properties and show their soundness and completeness.